Garrett Gross

Sr. Manager, Field Enablement

Garrett Gross has always had an insatiable appetite for technology and information security, as well as an underlying curiosity about how it all works. Garrett has over 15 years of professional experience in information technology, filling several roles: systems administration, network engineering, product marketing, technical support, and helpdesk. In his current role in field enablement, he uses his experience to help managed security service providers be successful in evangelizing and operationalizing AlienVault USM.

Application security is arguably the single biggest challenge confronting security professionals today. By “application,” I mean any internally-developed build, regardless of whether its primary intended platform is the Web, mobile devices, or a traditional desktop OS like Windows. This is because all application builds must go through the standard cycle of development, testing, settling on a release candidate,…

What is big data, anyway? If you haven’t been living in a cave the last five years, you have no doubt run across the phrase “big data” as an IT hot topic. But like so many other terms — “cloud” comes to mind — basic definitions, much less useful discussions of big data security…


Web-based business services require trusted mechanisms by which money, sensitive information, or both can change hands. We know these as web applications; hackers know them as opportunities. How complicated is web application security? You can get a sense by surfing to OWASP — the Open Web Application Security Project, which organizes security-relevant information, including exploits of all kinds. This site…

Why bother to pick a lock if you can simply kick in the door? That’s the logic behind the brute force attack, one of the most common of all security exploits. The idea behind brute force is simple: try all possibilities until you find the one that works. Typically, there is no prioritization of some possibilities over…

Image courtesy of http://xkcd.com/

Continuing my discussion of common classes of attacks, this time I’ll be covering rootkits and rootkit detection. What is a rootkit? You can see it right in the etymology of the word itself; it’s a combination (kit) of software that, once root access is achieved, can carry out stealthy activity…

One of the best ways to improve IT security is for security specialists to understand, at a fundamental level, how different kinds of exploits work. They tend to fall into clusters, based on certain core ideas. Among the most common forms, for instance, are buffer overflow attacks. The root idea is fairly simple: by inserting more data into a memory…

No security strategy is perfect, but those that work via multiple layers are better than those that don’t. At many organizations, for instance, intrusion detection/intrusion prevention (IDS / IPS) solutions have been deployed for many years as a logical combination with one or more firewalls. The idea is simple: if a firewall constitutes an entry point to the…

Here’s a daunting question asked by many security professionals today: “How can I discover malicious user behavior more rapidly?” It’s hard enough after the fact to point at an event and say: “Aha, this was a breach underway.” But that, of course, is far too late. The goal should be to detect…

Juniper ScreenOS

Nobody likes eavesdroppers, ESPECIALLY when the eavesdroppers are state-sponsored hackers, quite possibly from your own government. While officially unconfirmed, the discovery of backdoors in Juniper’s ScreenOS, correlated with what we know about some of the NSA’s digital interdiction methods, indicates that they might have been involved. NSA involvement or not, having any sort of…

A dangerous weapon in the hands of a skilled attacker is alarming, but that same weapon in the hands of a novice can be terrifying. Lately, we have started to see activity from a group in the Middle East who, rather than write their own code, seem to be taking bits and pieces from existing malware to develop their own…

In two recent blog entries, I discussed botnets — best practices in botnet detection and dealing with botnet command & control servers. This time I’ll be exploring one of their most commonplace tasks: distributed denial of service attacks. What is a distributed denial of service attack? The fundamental premise of distributed denial of service attacks is simple: flooding…

Every holiday season, retailers become prime targets for point of sale (POS) and endpoint-based attacks due to the much higher volume of in-person and online transactions that take place. Attackers know that the high volume of transactions and need to minimize downtime leaves most IT teams in retail little time to detect unusual behavior. Security researchers are seeing increasingly sophisticated…